diff --git a/nixos/hosts/gandalf/default.nix b/nixos/hosts/gandalf/default.nix index 77bc4f4..2bec709 100644 --- a/nixos/hosts/gandalf/default.nix +++ b/nixos/hosts/gandalf/default.nix @@ -62,6 +62,10 @@ in mode = "0444"; sopsFile = ./secrets.sops.yaml; }; + "borg/repositories/gandalf" = { + mode = "0444"; + sopsFile = ./secrets.sops.yaml; + }; }; }; @@ -81,27 +85,34 @@ in samba.extraConfig = import ./config/samba-config.nix { }; resticBackup.local.enable = false; resticBackup.remote.enable = false; - }; + # # Borg + # borgbackup = { + # enable = true; + # paths = [ "/home" ]; + # exclude = [ ]; + # repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo"; + # repoKeyPath = "/run/secrets/borgbackup/telchar"; + # }; - services = { - podman.enable = true; - libvirt-qemu.enable = true; + services = { + podman.enable = true; + libvirt-qemu.enable = true; - # Sanoid - sanoid = { - enable = true; - inherit (sanoidConfig.outputs) templates datasets; - }; + # Sanoid + sanoid = { + enable = true; + inherit (sanoidConfig.outputs) templates datasets; + }; - # Unifi & Lego-Auto - unifi.enable = true; - lego-auto = { - enable = true; - dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}"; - domains = "gandalf.jahanson.tech"; - email = "joe@veri.dev"; - provider = "dnsimple"; + # Unifi & Lego-Auto + unifi.enable = true; + lego-auto = { + enable = true; + dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}"; + domains = "gandalf.jahanson.tech"; + email = "joe@veri.dev"; + provider = "dnsimple"; + }; }; }; - }; -} + } diff --git a/nixos/hosts/gandalf/secrets.sops.yaml b/nixos/hosts/gandalf/secrets.sops.yaml index 9bf8969..53c7729 100644 --- a/nixos/hosts/gandalf/secrets.sops.yaml +++ b/nixos/hosts/gandalf/secrets.sops.yaml @@ -1,6 +1,11 @@ lego: dnsimple: token: ENC[AES256_GCM,data:CfRFhGE8AyZfO9RzoXXTfm8kstvx+Fuy53o9ulYNZiufzzSQ4KzwYIoCRw==,iv:HEC8hRpmk7YDI7RHj29ZAeFKyPgsWTHw1sxjdZuhcrw=,tag:7RhEhZ9GkyBE9PJRe+gD+Q==,type:str] +borg: + repositories: + - name: ENC[AES256_GCM,data:kQ6HlxtIGw==,iv:/fn/tZ+g0OQ0zbPM4RkchOjlLGbTau0qjIjmn7E6e18=,tag:SMOX35dqTmV90bpjSyJ1DQ==,type:str] + location: ENC[AES256_GCM,data:wosJBuACNDx7XTkiSVrzSOsknIh15Ya5aDGTfvSaY0ZiDyjOKED+srhcuOrjzcHy,iv:OGIiXGpzvgjvmP4NY9B/pMOoq9HzUkEr3fcRXG0m6fs=,tag:/hr8HGYBz5Ze/schxeXgLw==,type:str] + passphrase: ENC[AES256_GCM,data:tg/SRKkuiDK24RRKfAxrLMh5NjE=,iv:9QjLuI/vvD3/BxE/Aq3tM035oHCY/NN9a33ii8xsD5M=,tag:TFjNQ0TO0PvQ+mkEdAylWQ==,type:str] sops: kms: [] gcp_kms: [] @@ -70,8 +75,8 @@ sops: V1d0d1lKb3hyYVQ4elBIZ0hnU3FTbnMKiWERjAwlJRPK+PILCBV03uyNVnNgolA8 PS0vbIDVNiX0pIrRlM2sVivZwqajjTB3XROXMmbIKpQxDMjvpHgqJA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-15T23:16:58Z" - mac: ENC[AES256_GCM,data:OQn/8yJX1xRapEUflwUHaHabt8i1EbK27vAM5mJge5n/y2+G7xYfpt2YsRUikogl1q4hqSGLe12WFYdG3TXqD5aBnwnf8if0Cax2wcjcm0ybcuWflXgZbtjWnVKV9w1Y8LCXpMd129VeeqysrY/lThRjXk1ByBcfbZ/RMZOyWOw=,iv:9mn0FH39xgFXisuEZrERhsjXCM7nQhMSoNdNTuGoHXc=,tag:T7AgJ8fYKVLDtRPm794AAg==,type:str] + lastmodified: "2024-07-27T02:39:00Z" + mac: ENC[AES256_GCM,data:DfXmbUCj/IZWwUB7OLfgH5A6CosWj5SxUuw7LODGbaZZP3GaX4JOZvQpK5DXFMiTX2NOMId2ap+uJ8ea7LXrZuCxlvITprj3PuAY61EmJV/GVQLKjB/tTtyQtZJEZXo0WiqGYtZdyxLLMGF9DyHGYsqFdso2fhYV19gooBwXqoM=,iv:CxJXp3c/IEBMTvXm3i9mdGAtv3m6WPmQTWdENqDcpQw=,tag:UXWBvmBPaCEHoRrdNW0MgA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1